As discussed and known very clearly, the ransomware virusesWannaCry si Petya could not cause damage to such a large scale if they did not use a service Windows, left enabled by default microsoft for at least strange reasons.
SMBv1 is the service that has been exploited and through which it has been able to get into millions of computers Windows PC from all over the world. No matter what Windows 10, Windows 8 or Windows 7, SMBv1 must be disabled immediately.
Before going into the tutorial, let's see what means this SMBv1.
SMBv1 is the old protocolServer Message Block used by Windows to share files in a local network. Subsequently, this protocol was replaced by two versions.SMBv2 si SMBv3. The latter can remain active on the system. They are safe and can not be exploited.
From Microsoft, the SMBv1 protocol remained active on operating systems for the simple reason that they are a series of old applications using this protocol, they being updated forSMBv2 si SMBv3. Strangely reason to leave something like that in mind knowing beforehand cyber attacks as this protocol is a major risk.
Starting withWindows 10 Fall Creators Update(major update expected in September 2017) Microsoft will disable by default SMBv1. We do not know why so much damage was needed before Microsoft made this decision, but this is another discussion. Until then, SMBv1 can be deactivated very easily fromcontrol Panel →Programs →Turn Windows features on or off. You do not need to be expelled in computers to do this.
- Open control Panel and click "Programs
- in the list of Windows services, applications and protocols, we identify and debif "SMB 1.0 / CIFS File Sharing Support”
Click "OK", then restored after the deactivation was successful.
How to disable SMBv1 on Windows 7
- we open the editor registry (Registry Editor) from the Strat → search "regedit
- In Registry Editor we use the left bar to navigate to:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ LanmanServer \ Parameters
The next step is to create a new one subkey under "Parameters". Right click on "Parameters"→New →DWORD (32-bit) Value.
The name of the new value will be "SMB1" with "0", which means it is disabled.
all you have to do now is shut it down registry Editor and restart the operating system. After restarting, the SMBv1 protocol will be disabled.
As a clarification, SMBv1 is not directly responsible for the ransomware infectionWannaCry si Petya. Through this protocol, it was only allowed to spread the virus to local networks, infecting millions of computers around the world.
Do not forget to use software virus upgraded to date, make backup copies of important files, and last but not least, note which buttons and links you click.How we can send large files (archives, pictures, movies) to friends via Firefox Send »»
Old: «« Anti-ransomware protection and backup solution for Windows and Mac
IT Tips - Windows, Mac OS X, Linux & Mobile - How do we protect Windows PC by Ransomware by disabling SMBv1